I did not mean to say that LDAP is an auth. protocol. No way, it's a directory access protocol! (no hard feelings either in any way!) (however, sometimes I hear people talking about LDAP authentication and then I try to explain that LDAP is the dir access protocol and that Kerberos or NTLM is the auth protocol. After that sometimes they still keep talking about the "LDAP authenticating protocol" and I think "whatever!").

I even rephrased it in another mail (see below beneath your post) that _ldap and _kerberos are used.

I did a network trace for a "client join", "a workstation boot and user logon" and a "user password change". I will post my findings on Monday as I have them on my laptop and I'm using webmail right now from another computer. I will even send the capture files if I don't forget to add them so everyone can see if interested.

Cheers
#JORGE#

-----Original Message-----
From: [EMAIL PROTECTED]
To: [email protected]
Sent: 5/8/2005 7:24 PM
Subject: RE: [ActiveDir] DNS vs. Hosts File

Of course LDAP is going to be used, as there needs to be a protocol that knows how to find the authenticating DC. However, not to confuse any issues here - LDAP is not an authenticating protocol in any way, shape or form.

Jorge, just want to be sure that you know that I know you weren't insinuating LDAP had anything to do with authN, either. Merely clarifying the point.

-rtk

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto
Sent: Thursday, May 05, 2005 7:24 PM
To: 'joe '; '[EMAIL PROTECTED] '; '[email protected] '
Subject: RE: [ActiveDir] DNS vs. Hosts File

Darren has written a great article on AD network interactions (http://www.windowsitpro.com/Article/ArticleID/37928/37928.html)

Both _ldap and _kerberos are used during authentication

#JORGE#

-----Original Message-----
From: [EMAIL PROTECTED]
To: [email protected]
Sent: 5/6/2005 2:12 AM
Subject: RE: [ActiveDir] DNS vs. Hosts File

I believe Jorge is correct. If I recall correctly, the last time I did a complete trace from boot to log on of a K3 Server the only SRV record looked up at any point in that process was the _ldap._tcp.<site>._sites.<domain> record.

However, I can't count out that some caching from previous boots wasn't being used by the server when it started. The foolproof way I guess of testing this would be to take a raw fresh box and trace it on startup through the join process and then reboot and log on to see if the Kerberos record is ever queried. However, in all of the traces I have done, I don't think I ever recall seeing a query for the _kerberos records....

Does MS DNS have the capability to keep easy statistics on what records are queried and how often?

joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Thursday, May 05, 2005 7:41 PM
To: [email protected]
Subject: Re: [ActiveDir] DNS vs. Hosts File

I thought for auth purposes, it was _kerberos.tcp.<site>. etc,etc...? Am I wrong?

Thanks

--------------------------
Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net)

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
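
The test joe describes (trace a client and see which SRV records it actually asks for) comes down to reading the question section of each captured DNS query. As an added example that is not part of the original thread, the Python below parses raw DNS query packets and tallies SRV lookups by service label; the domain example.test, the site name Site1 and the packets themselves are constructed sample data.

```python
import struct
from collections import Counter
SRV = 33  # DNS RR type for SRV (RFC 2782)

def build_query(name, qtype=SRV):
    """Build a DNS query packet; used only to construct the sample input."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Return (qname, qtype) for the first question in a DNS message."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no DNS question present")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype

def tally_srv_services(packets):
    """Count SRV queries per service label (_ldap, _kerberos, ...)."""
    counts = Counter()
    for pkt in packets:
        try:
            name, qtype = parse_question(pkt)
        except ValueError:
            counts["<malformed>"] += 1
            continue
        if qtype == SRV and name.startswith("_"):
            counts[name.split(".")[0].lower()] += 1
    return counts

SAMPLE = [build_query(n) for n in (  # constructed names, not from the thread
    "_ldap._tcp.Site1._sites.example.test", "_ldap._tcp.example.test",
    "_kerberos._tcp.Site1._sites.example.test")]
SAMPLE += [build_query("dc1.example.test", qtype=1), b"\x00\x01"]  # A query, truncated packet
print(dict(tally_srv_services(SAMPLE)))
```

To run it against a real trace, feed it the UDP payloads of the port 53 packets exported from the capture; a client that reuses cached answers sends no query, so an absent `_kerberos` count does not by itself show the record is unused.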
